SUSE 10 SP3: 2011:1057-1 Critical: Xen Denial Of Service Fix

Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/3894543_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for Xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:1057-1
Rating:             important
References:         #654798 #659070 #679344 #684297 #704380 #712038 
                    
Cross-References:   CVE-2011-1166 CVE-2011-1936 CVE-2011-2901
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3
                    SLE SDK 10 SP3
______________________________________________________________________________

   An update that solves three vulnerabilities and has three
   fixes is now available.

Description:


   This update fixes various bugs in XEN:

   The following security issues have been fixed:

   * A denial of service (Host Crash) in the XEN
   hypervisor. (CVE-2011-2901)
   * A bug was found in the way Xen handles CPUID
   instruction emulation during VM exits. An unprivileged
   guest user can potentially use this flaw to crash the
   guest. (CVE-2011-1936)
   * A 64-bit guest can get one of its vcpus into
   non-kernel mode without first providing a valid non-kernel
   pagetable. The observed failure mode was usually a hard
   lockup of the host (host denial of service). (CVE-2011-1166)

   It fixes also the following bugs:

   * bnc#654798 - SLES 10 SP3 XEN: Device /dev/xvdp is
   already connected error when starting multiple vm's
   * bnc#684297 - HVM taking too long to dump vmcore

   Security Issue references:

   * CVE-2011-2901
   
   * CVE-2011-1166
   
   * CVE-2011-1936
   

Indications:

   Please install this update.


Package List:

   - SUSE Linux Enterprise Server 10 SP3 (i586 x86_64):

      xen-3.2.3_17040_26-0.6.2.1
      xen-devel-3.2.3_17040_26-0.6.2.1
      xen-doc-html-3.2.3_17040_26-0.6.2.1
      xen-doc-pdf-3.2.3_17040_26-0.6.2.1
      xen-doc-ps-3.2.3_17040_26-0.6.2.1
      xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-default-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-smp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-libs-3.2.3_17040_26-0.6.2.1
      xen-tools-3.2.3_17040_26-0.6.2.1
      xen-tools-domU-3.2.3_17040_26-0.6.2.1
      xen-tools-ioemu-3.2.3_17040_26-0.6.2.1

   - SUSE Linux Enterprise Server 10 SP3 (x86_64):

      xen-libs-32bit-3.2.3_17040_26-0.6.2.1

   - SUSE Linux Enterprise Server 10 SP3 (i586):

      xen-kmp-bigsmp-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-kdumppae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-vmi-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-vmipae-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1

   - SLE SDK 10 SP3 (i586 x86_64):

      xen-3.2.3_17040_26-0.6.2.1
      xen-devel-3.2.3_17040_26-0.6.2.1
      xen-kmp-debug-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-kmp-kdump-3.2.3_17040_26_2.6.16.60_0.81.11-0.6.2.1
      xen-libs-3.2.3_17040_26-0.6.2.1
      xen-tools-3.2.3_17040_26-0.6.2.1
      xen-tools-ioemu-3.2.3_17040_26-0.6.2.1

   - SLE SDK 10 SP3 (x86_64):

      xen-libs-32bit-3.2.3_17040_26-0.6.2.1


References:

   https://www.suse.com/security/cve/CVE-2011-1166.html
   https://www.suse.com/security/cve/CVE-2011-1936.html
   https://www.suse.com/security/cve/CVE-2011-2901.html